General

  • Target

    5598febfbf00839c9f7047d9fe3205e3.exe

  • Size

    16.2MB

  • Sample

    220208-cae7msbhcl

  • MD5

    5598febfbf00839c9f7047d9fe3205e3

  • SHA1

    3bc26a4c8e5f8a93671c9e24678530b51224ef61

  • SHA256

    02dda0916789c0c3572cbbf0e119cbae7be42e10eca39be66bbaaf2468a62b7a

  • SHA512

    56dbe64e5f45a7e175ced8055f92e9a651c2aad984a1150f25654f4928d16ceaa2cc7fe0cdb3ba8ffebe4905620599625dceefdba0ed3b200cc947bcaf57285b

Score
10/10

Malware Config

Targets

    • Target

      5598febfbf00839c9f7047d9fe3205e3.exe

    • Size

      16.2MB

    • MD5

      5598febfbf00839c9f7047d9fe3205e3

    • SHA1

      3bc26a4c8e5f8a93671c9e24678530b51224ef61

    • SHA256

      02dda0916789c0c3572cbbf0e119cbae7be42e10eca39be66bbaaf2468a62b7a

    • SHA512

      56dbe64e5f45a7e175ced8055f92e9a651c2aad984a1150f25654f4928d16ceaa2cc7fe0cdb3ba8ffebe4905620599625dceefdba0ed3b200cc947bcaf57285b

    Score
    10/10
    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by the Russian organization TektonIT.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6